Technical Field
The present invention relates generally to the field of computers and computer devices. More particularly, the present invention relates to a computer device and a method for controlling access to a resource in a computer device.
Description of Related Art
A computer device executes applications using a plurality of physical and logical resources, such as system services, drivers, files and settings. Many operating systems provide a security system that controls access to these resources by applying a security model in which access privileges are based on user accounts. An operating system may define privilege levels appropriate to different classes, or groups, of users, and then apply the privileges of the relevant class or group to a particular logged-in user. The user is authenticated by logging in to the computer device, and the user, via their previously prepared security account, acts as a security principal in the security model. The security system then grants the appropriate privileges to the applications, which run in that user's security context. To implement authentication and authorization, the security system typically includes an authentication system and an authorization system that operate together.
The authentication system verifies the identity of an entity (e.g. a user or a service). Authentication is typically a precursor to authorization: once the entity has been identified, it can be determined whether that entity should have permission to perform an operation on or with a resource. Alternatively or additionally, the authentication system may produce an audit trail, by logging which entity performed the operation. The authentication system may verify the identity of the user by local user authentication. For example, the user may be authenticated by logging on to the computer device by providing a username and a password. In this way, the user acts as the security principal for the authorization system. Alternatively, in remote user authentication, users are authenticated by an authentication system running on a remote server when performing certain operations. Additionally, the authentication system may verify the authenticity of a remote server by network host authentication.
The authorization system grants permission for the entity to perform a restricted operation on or with the resource. The authorization system enforces access rights for the entity for each application running on the computer device, whereby an application is permitted (or denied) access to each of the resources, consistent with a set of security privileges allocated to the user for that application. For example, if the application is running in an ordinary user's security context, the application is able to read from a particular file, but is not permitted to write to that file. Meanwhile, if the application is running in a local administrator's security context, the application typically has higher privileges, e.g. is able to both read from and write to that file.
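The user-account security model described above can be made concrete with a small authorization check: a logged-in principal carries the groups the security system resolved for it, each resource carries an access control list, and an application running in that principal's security context is permitted or denied each operation by evaluating the list. The following is an added illustration written for this page; it is not code from the patent or from any operating system. The class and function names (Principal, ACE, Resource, authorize), the sample accounts "alice" and "bob", and the sample file "settings.ini" are assumptions chosen for the example. Deny entries are evaluated before allow entries, which is the convention in common discretionary ACL implementations but is a design choice here rather than something the text specifies.

```python
"""Minimal user-account security model: principals, groups, and an
authorization check over per-resource access control lists.

Added example for illustration only; not the patent's own method.
Names (Principal, ACE, Resource, authorize) and the sample accounts
and file below are assumptions made for this example.
"""
from dataclasses import dataclass, field

READ, WRITE = "read", "write"


@dataclass(frozen=True)
class Principal:
    """A logged-in user plus the groups the security system resolved for them."""
    name: str
    groups: frozenset = frozenset()

    def identities(self):
        # An ACE applies to a principal if its trustee is the user's own
        # account name or any group the user is a member of.
        return {self.name} | set(self.groups)


@dataclass(frozen=True)
class ACE:
    """One access control entry: trustee (user or group), operation, allow/deny."""
    trustee: str
    op: str
    allow: bool


@dataclass
class Resource:
    name: str
    acl: list = field(default_factory=list)


def authorize(principal, resource, op):
    """Return True if the principal may perform op on the resource.

    An explicit deny entry matching the principal wins over any allow entry,
    so a deny placed on a user cannot be undone by a permissive group grant.
    With no matching entries at all the default is to deny.
    """
    ids = principal.identities()
    matches = [ace for ace in resource.acl if ace.trustee in ids and ace.op == op]
    if any(not ace.allow for ace in matches):
        return False
    return any(ace.allow for ace in matches)


def access_matrix(principal, resource):
    """The set of operations an application in this security context gets."""
    return {op: authorize(principal, resource, op) for op in (READ, WRITE)}


# Constructed sample: a settings file that ordinary users may read but
# that only members of the Administrators group may write.
SETTINGS = Resource("settings.ini", [
    ACE("Users", READ, True),
    ACE("Administrators", READ, True),
    ACE("Administrators", WRITE, True),
])


def ordinary_user():
    return Principal("alice", frozenset({"Users"}))


def local_admin():
    return Principal("bob", frozenset({"Users", "Administrators"}))


def denied_admin():
    """Same administrator, but the resource carries an explicit deny for bob."""
    acl = SETTINGS.acl + [ACE("bob", WRITE, False)]
    return local_admin(), Resource(SETTINGS.name, acl)


if __name__ == "__main__":
    print("alice:", access_matrix(ordinary_user(), SETTINGS))
    print("bob:  ", access_matrix(local_admin(), SETTINGS))
    p, r = denied_admin()
    print("bob with explicit deny:", access_matrix(p, r))
```

Running the script shows the situation the paragraph describes: the ordinary user's application can read the file but not write it, while the same application launched in the local administrator's context can do both. The `denied_admin` case shows why evaluation order matters in such a model: group membership alone does not settle the decision if an entry targeting the specific account denies the operation.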
It is desirable to implement a least-privilege access security model, whereby each user is granted a minimal set of access privileges which is just sufficient for the user's applications to operate on the computer device. However, many applications require a relatively high privilege level, such as a local administrator level, in order to install and operate correctly. Hence, in practice, there is a widespread tendency to grant additional privilege rights, such as the local administrator level, or a system administrator level, to all members of a relevant user group, and thus allow access to almost all of the resources of the computer device. This level of access may be greater than is desirable or appropriate from a security viewpoint. For example, there is a possibility of accidental tampering with the computer device, leading to errors or corruption within the computer device. Further, a particular application (e.g. an infection or malware) may maliciously access key resources of the computer device with the deliberate intention of subverting security or causing damage.
Therefore, there is a need to provide a mechanism which allows the least-privilege principle to be implemented while still enabling desired, legitimate, applications to execute on the computer device by accessing the relevant resources. In particular, there is a need to enable higher-level access rights, such as local administrator rights, for ordinary users but without compromising security of the computer device.
The example embodiments have been provided with a view to addressing at least some of the difficulties that are encountered in current computer devices and computer networks, whether those difficulties have been specifically mentioned above or will otherwise be appreciated from the discussion herein.